Malware Detection using Windows API Sequence and Machine Learning

Ravi, Chandrasekar; Manoharan, R

doi:10.5120/6194-8715

Cited by 49 publications

(38 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Do antivirus programs apply against worms and Trojans or only against the viruses? All of these questions originate from one source and it's the complex and complicated world of destructive codes [1].…”

Section: Malware Definition and Analysismentioning

confidence: 99%

See 1 more Smart Citation

Malware Detection Using Data Mining Techniques

Najari¹

2014

IJIIS

View full text Add to dashboard Cite

Nowadays, malicious software attacks and threats against data and information security has become a complex process. The variety and number of these attacks and threats has resulted in providing various type of defending ways against them, but unfortunately current detection technologies are ineffective to cope with new techniques of malware designers which use them to escape from anti-malwares. In current research, we present a combination of static and dynamic methods to accelerate and improve malware detection process and to enable malware detection systems to detect malware with high precision, in less time and help network security experts to react well since time detection of security threats has a high importance in dealing with attacks.

show abstract

Section: Malware Definition and Analysismentioning

confidence: 99%

“…Like country boundaries which could be attacked from different aspects such as contraband and thieves, virtual space also suffer from these attacks [1]. Experiences have shown that most of these attacks are from malwares.…”

Section: Introductionmentioning

confidence: 99%

Malware Detection Using Data Mining Techniques

Najari¹

2014

IJIIS

View full text Add to dashboard Cite

show abstract

“…Ravi, et al [3] proposed a malware detection system which used Windows API call sequence as an input and association mining based classification. To create a signature database, the proposed system split a sequence into 4-gram and labeled them with their corresponding class according to the rules.…”

Section: Related Workmentioning

confidence: 99%

“…Generally dynamic analysis has two ways according to the used feature and applied technique. Firstly, dynamic analysis by the used features utilizes information such as the frequency or sequence of API call [1], [3]- [5], compiled hexadecimal code [2], program execution paths [8] and others [5]- [7] as the feature. Secondly, analysis by applied techniques utilizes a sequence alignment [1], [2] and data mining or machine learning [2]- [5], [9] for the collected feature data.…”

Section: Related Workmentioning

confidence: 99%

“…The behavior information includes overall system I/Os and state changes [6] of system components including a file, registry, network, memory and etc. as well as API calls [1], [3]- [5] and control flows. Although the algorithms or methods of various fields have been applied for malware detection, such as the machine learning, data mining and various algorithms [1]- [5], [9], we introduce a dynamic analysis method based on malware behavior information with API call sequences and Multiple Sequence Alignment (MSA) for malware detection.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Feature-Chain Based Malware Detection Using Multiple Sequence Alignment of API Call

Kim

et al. 2016

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

SUMMARYThe recent cyber-attacks utilize various malware as a means of attacks for the attacker's malicious purposes. They are aimed to steal confidential information or seize control over major facilities after infiltrating the network of a target organization. Attackers generally create new malware or many different types of malware by using an automatic malware creation tool which enables remote control over a target system easily and disturbs trace-back of these attacks. The paper proposes a generation method of malware behavior patterns as well as the detection techniques in order to detect the known and even unknown malware efficiently. The behavior patterns of malware are generated with Multiple Sequence Alignment (MSA) of API call sequences of malware. Consequently, we defined these behavior patterns as a "feature-chain" of malware for the analytical purpose. The initial generation of the feature-chain consists of extracting API call sequences with API hooking library, classifying malware samples by the similar behavior, and making the representative sequences from the MSA results. The detection mechanism of numerous malware is performed by measuring similarity between API call sequence of a target process (suspicious executables) and feature-chain of malware. By comparing with other existing methods, we proved the effectiveness of our proposed method based on Longest Common Subsequence (LCS) algorithm. Also we evaluated that our method outperforms other antivirus systems with 2.55 times in detection rate and 1.33 times in accuracy rate for malware detection.

show abstract

Ransomware detection using machine learning algorithms

Bae

Lee

2019

Concurrency and Computation

View full text Add to dashboard Cite

Summary The number of ransomware variants has increased rapidly every year, and ransomware needs to be distinguished from the other types of malware to protect users' machines from ransomware‐based attacks. Ransomware is similar to other types of malware in some aspects, but other characteristics are clearly different. For example, ransomware generally conducts a large number of file‐related operations in a short period of time to lock or to encrypt files of a victim's machine. The signature‐based malware detection methods, which have difficulties to detect zero‐day ransomware, are not suitable to protect users' files against the attacks caused by risky unknown ransomware. Therefore, a new protection mechanism specialized for ransomware is needed, and the mechanism should focus on ransomware‐specific operations to distinguish ransomware from other types of malware as well as benign files. This paper proposes a ransomware detection method that can distinguish between ransomware and benign files as well as between ransomware and malware. The experimental results show that our proposed method can detect ransomware among malware and benign files.

show abstract

Malware Detection using Windows API Sequence and Machine Learning

Cited by 49 publications

References 6 publications

Malware Detection Using Data Mining Techniques

Malware Detection Using Data Mining Techniques

Feature-Chain Based Malware Detection Using Multiple Sequence Alignment of API Call

Ransomware detection using machine learning algorithms

Contact Info

Product

Resources

About